Laker Netman wrote:
I have a Cisco 3660 router configured for dialup AAA
through FR (1.0.5) to access our LAN. I also have the
login to the router itself, for admin, authenticating
through FR (MySQL backend).
The same DB is used for all auth, so currently anyone
with a dialup account could also telnet into the
router. This leaves only my 'enable' password to
prevent problems.
I want to configure FR to eliminate this ability for
all but a select group of users (admins). There are
other devices I would like to add to the list later.
I've been looking at huntgroups as the solution, but
was unsure how (or if) this could be handled via sql
rather than the users file.
Is anyone doing this and could provide a sample config
layout?
I am not currently doing this but plan to tackle it by using something
like a realm of admin when I do get to it. So a user needing admin privs
would have to log in like [EMAIL PROTECTED] to get access.
--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax 325-695-6841
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
